<?php
// catch errors
if (! isset( $_POST['content'] ) || (isset( $_POST['content'] ) && $_POST['content'] == 'undefined'))
	exit();
// authentification
if ( getIP() != $_SERVER['SERVER_ADDR'] )
	return;
// make path safe
while( strpos($_POST['file'], '../') !== false )
	$_POST['file'] = str_replace('../', '', $_POST['file']);
// update file
file_put_contents($_POST['file'], $_POST['content']);

// help function fetching most-real IP address
function getIP() {
	$ips = array();
	if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] )) {
		foreach( array_reverse( explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) as $ip ) {
			$ip = trim( $ip ); 
			if ( $ip != '127.0.0.1'
				 && preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $ip )
				 && ! preg_match( '/^192\.168\.\d{1,3}\.\d{1,3}$/', $ip )
				 && ! preg_match( '/^10\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $ip )
				 && ! preg_match( '/^172\.(1[6-9]|2[0-9]|3[0-1])\.\d{1,3}\.\d{1,3}$/', $ip ) )
			{
				$ips[] = $ip;
			}
		}
	}
	foreach( array('REMOTE_ADDR', 'HTTP_PROXY_USER', 'REMOTE_ADDR') as $src )
		if ( isset( $_SERVER[ $src ] ))
			$ips[] = $_SERVER[ $src ];
	foreach( $ips as $IP )
		return $IP;
}
?>